Cybersecurity vendor Trellix has confirmed that an unknown actor gained unauthorized access to part of its source code repository. Source code repositories are a high-value target for attackers, as stolen code can expose internal logic, hard-coded credentials, or unpatched vulnerabilities.
The company, which protects more than 200 million endpoints across over 50,000 customers, disclosed the incident in a statement updated on May 4 and said outside forensic experts are now investigating.
The disclosure left several basic questions unanswered. Trellix did not say when the access occurred, how attackers got in, or what code or other data might have been viewed. There is no public information yet on attribution or whether the company received an extortion demand.
To date, Trellix says there is no sign that its source code release or distribution pipelines were tampered with. The accessed code has not been weaponized against customers, the company added.
“Trellix recently identified unauthorized access to a portion of our source code repository,” the vendor said in its statement, adding that it brought in forensic specialists and notified law enforcement as soon as the access came to light.
Symphony Technology Group-owned Trellix was formed in 2022 from the merger of McAfee Enterprise and FireEye.
Cybersecurity Vendors Under Mounting Pressure
The Trellix incident occurred amid a string of similar events at security and developer-tooling firms. Last week, application security vendor Checkmarx confirmed that the LAPSUS$ extortion group had leaked data lifted from its private GitHub repository.
Cisco told BleepingComputer last month that intruders had broken into its internal development environment using credentials harvested through the Trivy supply chain attack and made off with source code.
HackerOne also told employees in March that their personal data had been stolen via a breach at one of its US benefits administrators.
The pattern is not new. Back in 2020, state-linked actors stole FireEye’s red-team tools as part of the SolarWinds campaign, and the firm later released countermeasures to limit misuse of the toolset.
Trellix said it intends to share further details “as appropriate” once its investigation wraps up.
